Western Intelligence Agencies Hacked Russia’s Yandex To Spy On Users

According to Russia, a group of hackers working for Western intelligence
agencies managed to break into the Russian Internet search company Yandex in
late 2018. The group employed a rare kind of malware, Regin, to spy on user
accounts, according to four people with knowledge of the matter.

Regin is known for being used by the ‘Five Eyes’ intelligence-sharing alliance
of the United States, Australia, Britain, Canada, and New Zealand. The
intelligence agencies of these countries have not commented on the allegation,
and Western cyberattacks against Russia are rarely acknowledged or addressed in
public. Sources with direct knowledge of the hack have stated that the origin
of the attack is not known for sure. The breach did, however, take place
between October and November 2018.

Yandex spokesman Ilya Grabovsky acknowledged the incident in a statement to
Reuters but did not provide any more details. He said, ‘This particular attack
was detected at a very early stage by the Yandex security team. It was fully
neutralized before any damage was done. Yandex security team’s response ensured
that no user data was compromised by the attack.’ Yandex is also referred to as
Russia’s Google because of the different online services that it offers, and it
has over 108 million monthly users in Russia. It also operates in Belarus,
Kazakhstan, and Turkey.

According to the sources who described the Regin attack, the hackers appeared
to be seeking technical information that would help them understand how Yandex
authenticates user accounts. This information could enable a spy agency to
impersonate a Yandex user and access their private messages. The hack of
Yandex’s research and development unit was aimed at espionage rather than
disruption or stealing intellectual property. The hackers covertly maintained
their access to Yandex for a few weeks prior to detection. The Regin malware
came to light as a tool used by Five Eyes in 2014, after Edward Snowden, a
former US National Security Agency contractor, made his revelations.

US cybersecurity firm Symantec has also claimed that it recently found a new
version of Regin. Vikram Thakur,
technical director at Symantec Security Response, said, ‘Regin is the crown
jewel of attack frameworks used for espionage. Its architecture, complexity and
capability sit in a ballpark of its own. We have seen different components of
Regin in the past few months. Based on the victimology, coupled with the
investment required to create, maintain, and operate Regin, we believe there
are at best a handful of countries that could be behind its existence. Regin
came back on the radar in 2019.’